Apple to Fix Vulnerability in macOS Mail App Which Lets Some Email Text Unencrypted and Readable
There is a vulnerability in the macOS Mail app which allows for a way to read encrypted emails. Apparently, Apple is aware of the issue and is working on a fix. The snippets.db database file is used by macOS function which details contact suggestions and stores mail in an unencrypted format. If you're unfamiliar, let's dive in to see some more details on the matter.
macOS Mail App Vulnerability Can Allow Someone to Read A Portion of Your Encrypted Emails
Initially, Gendler discovered the macOS Mail app bug on July 29 and it was reported to Apple. Apple stated that it was looking over the who scenario but as of now, there is no fix available. The vulnerability still exists in the latest macOS Catalina.
Let me say that again... The snippets.db database is storing encrypted Apple Mail messages...completely, totally, fully -- UNENCRYPTED -- readable, even with Siri disabled, without requiring the private key. Most would assume that disabling Siri would stop macOS from collecting information on the user. This is a big deal.
This is a big deal for governments, corporations and regular people who use encrypted email and expect the contents to be protected. Secret or top-secret information, which was sent encrypted, would be exposed via this process and database, as would trade secrets and proprietary data.
Apple told The Verge that the macOS Mail app vulnerability fix will address the noted issue in a future software update. Apart from this, Apple also states that only snippets of emails are stored. The company also devised instructions on how to prevent data from being collected by the snippets database.
This is not something that general users should worry about. For the whole operation to be successful, a person must be using macOS Mail app to send out encrypted emails. Furthermore, the issue does not seem to affect anyone who has FileVault turned on. Nonetheless, Gendler says that it "brings up the question of what else is tracked and potentially improperly stored without you realizing it."
If you're someone who is concerned by the issue, here's what you have to do:
1. Head over to System Preferences.
2. Select Siri Action.
3. Select Siri Suggestions and Privacy.
4. Choose Mail and then turn off "Learn from this App"
That's all that you have to do in order to prevent emails from being added to the snippets database. Apple also said that customers can avoid giving apps full disk access in the latest macOS Catalina update.
There will be more to the story, so be sure to stay tuned in for more. Share your thoughts on macOS Mail app vulnerability with us in the comments section below